Thanks for taking the time to review this. I know there is a lot of information, and that puts off a lot of people, but I find it helps most people understand the issue and see that I have done my homework. Additional comments in-line below.
On 1/5/2016 3:24 PM, debbie...@gmail.com wrote:
> Hi Jeff,
>
> as you put so much work into your post on the forum I did not
> want to hit you with an "off the cuff" answer ...
> but I can, at least, see more clearly your situation.
>
> Also, it seems to me, you have all the necessary tools and knowhow
> to implement the solution yourself .. which you have .. more or less ..
> ie: a "fully routed" solution .. which you claim does not work ?
>
> Quote:
> I added a static route on my default gateway (a PfSense box) to redirect
> any VPN network traffic back to the VPN box, which I believe should send it
> back through the tunnel to the point of origin. However, this did not
> resolve my issue, so I must be mistaken about my routing somewhere, or there
> is something else that I have not considered
>
> What you have not considered is .. pfsense .. we do not support it.
>
> As I have had similar issues with different routers (and pfsense)
> I will add this as a pointer:
>
> Not all /routers or Operating Systems/ are created equal.
> RFC compliancy is extremely optional ..
>
> Check all your Vendor's documentation ..
> Run a packet sniffer to verify their often bold and inaccurate claims ..
> (Example: http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/ )
>
> The point being:
> Check you have "ICMP redirect support" throughout.

I am not familiar with ICMP redirect support. I will have to do some more research and education to familiarize myself with this to understand how it might apply in my situation.

> Otherwise, add the routes to the clients that need it .. manually
> or from some other central configuration system.

This might be my plan of last resort, because I think it is going to confuse me more.

> Just my2c .. it worked for me.
>
> Note: OpenVPN cannot help with your routers etc
> Note: ICMP redirect is often considered to be a security risk!
>
> PS: You did not include any logs on your forum post ..
> and .. as (*currently) I am helping mod the forum
> I am currently holding off a misguided reply
> which has been offered to your forum question.
> Presumably you would prefer to add the logs
> of a connection which *does not work* as expected .. first ;)

I did not add any logs because there is nothing in the logs relating to getting to a client behind the VPN server (I will double check this again). As I mentioned I have a solid connection from the remote client to the VPN server, and my logs show that. But when I try to ping or connect to a box on the LAN subnet (other than the VPN server) there is no information in the VPN logs that shows a ping failure. The error I get is at the console specifying the destination host is unreachable. If there is some specific information that might be in a specific log file I can provide it, but I don't know what to look for or what to provide that shows it *does not work* as expected. Clues gladly accepted.

>
> Enjoy the journey .. the destination may be disappointing ;)

I do enjoy the journey; but I do hope the destination is not disappointing.

--
Jeff Boyce, CF
Meridian Environmental
2136 Westlake Ave. North
Seattle, WA 98109
206-522-8282
www.meridianenv.com